Wordpress

GitHub Hosts Infostealer

A few months ago, we reported on how cybercriminals were using GitHub to load a variety of cryptominers on hacked websites. We have now discovered that this same approach is being used to push binary “info stealing” malware to Windows computers. Infected Magento Sites Recently, we identified hundreds of infected Magento sites with the following injected […]more…

Steps to Keep Your Site Clean: Access Points

Unfortunately, most website owners know what it’s like to have a site hacked – the panic, the rush to find anyone out there that can help, and the worry it causes. Maybe you were able to get your site back on track or had a company clean the site for you, but the important thing […]more…

Mail from the ‘Boss’ – A Classic Example of a $_POST Mailer Stealing CC Data

We often find mailer scripts while cleaning malicious code from websites. Some of them are easily discovered, while others are obfuscated or heavily encoded. These “mailers” allow bad actors to send unwanted emails from your domain, and can be triggered through the misuse of a vulnerable extension or leftover backdoor malware scripts. The $_POST Mail […]more…

Intro to Securing an Online Store – Part 2

Last year, we introduced the theme of Securing an Online Store. We talked about how to identify the potential risks and what to look out for. These principles can help in satisfying PCI DSS requirements 8 & 10: Requirement 8 – Identify and authenticate access to system components. Requirement 10 – Track and monitor all access to […]more…

The Impacts of Zero-Day Attacks

Last week, we explained what zero-day vulnerabilities and attacks are. Essentially, zero-day vulnerabilities exist in the wild, with no patch available to prevent hackers from exploiting it. Today, we would like to expand on the impacts of these attacks. What Do Zero-Day Attacks Depend On? The impact a zero-day attack can have on your online […]more…

New Guide on How to Clean a Hacked Website

Our mission at Sucuri is to make the internet a safer place and that entails cleaning up hacked websites. We have teams who actively research website vulnerabilities and who are eager to share with you some tips on how to clean your hacked website. We are happy to help the community learn the steps they […]more…

Understanding Zero-Day Vulnerabilities & Attacks

In computer science, a vulnerability is considered to be a zero-day vulnerability if it’s unknown to all parties interested in patching it, such as: The team maintaining the project The users of the project Vulnerability researchers Vulnerability researchers are the good guys – people who won’t take advantage of the vulnerability for their own gain […]more…

Wikipedia Page Review Reveals Minr Malware

Since December, we’ve seen a number of websites with this funny looking obfuscated script injected at the very top of the HTML code (before the <html> tag). This code is generated by the well-known JJEncode obfuscator, which was once quite popular for encrypting malicious code. Since its popularity dwindled a few years ago, we’ve hardly […]more…

Unwanted Pop-ups Caused by Injectbody/Injectscr Plugins

On February 8th, 2018, we noticed a new wave of WordPress infections involving two malicious plugins: injectbody and injectscr. These plugins inject obfuscated scripts, creating unwanted pop-up/pop-unders. Whenever a visitor clicks anywhere on an infected web page, they are served questionable ads. Plugin Location The malicious plugins possess a very similar file structure: Injectbody wp-content/plugins/injectbody/ […]more…

Sucuri Website Backups Product Update

We’re excited to be sharing some changes we’ve recently pushed for our Website Backups product. If you’re not familiar with this feature, Sucuri Website Backups allow you to completely backup your files and database in our secure infrastructure. In a worst-case scenario, where files or databases are overwritten or deleted, these backups make it easy […]more…

How to Add Security to Your Client’s Websites

Website security has crossed the mind of nearly every website owner. However, as a website security company, we know that most webmasters come to us after the fact, when their website has already been compromised. Once hackers have taken over, website owners regret not having protected it when the website was initially launched. Today, we […]more…

What is a WAF?

Have you ever wondered what WAF means? WAF stands for Website Application Firewall. In order to make it simple to understand, imagine your website as a house and the people outside on the streets are the traffic that wants to come to your website. Of course, you want to open your door to friends and […]more…

Cloudflare[.]solutions Keylogger Returns on New Domains

A few months ago, we covered two injections related to the “cloudflare.solutions” malware: a CoinHive cryptominer hidden within fake Google Analytics and jQuery, and the WordPress keylogger from Cloudflare[.]solutions. This malware was originally identified by one of our analysts in April 2017 and has since evolved and spread to new domains. Keylogger Spreads to New […]more…

SQLi Vulnerability in YITH WooCommerce Wishlist

As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the YITH WooCommerce Wishlist plugin for WordPress. This plugin allows visitors and potential customers to make wish lists containing products in the WooCommerce store, and is currently installed on 500,000+ websites. Are You at Risk? This vulnerability […]more…

Malicious Website Cryptominers from GitHub. Part 2.

Recently we wrote about how GitHub/GitHub.io was used in attacks that injected cryptocurrency miners into compromised websites. Around the same time, we noticed another attack that also used GitHub for serving malicious code. Encrypted CoinHive Miner in Header.php The following encrypted malware was found in the header.php file of the active WordPress theme: There are […]more…

Reverse Javascript Injection Redirects to Support Scam on WordPress

Over the last few weeks, we’ve noticed a JavaScript injection in a number of WordPress databases, and we recently wrote about them in a Sucuri Labs Note. The campaign attempts to redirect visitors to a bogus Windows support page claiming that their computers are infected with ‘riskware’ and will be disabled unless they call what […]more…

About site

This is experimental project, which search automatically antivirus, security, malware, etc. news and alerts. If you want add/delete source or post, let us know. We will add/delete it. We'd like make place, where you can find security information from various sources with correct backlink back to source.